All geek questions in one place

New for encryption with PHP, direction Please?

I am working on a very small form that accepts credit card numbers, which will soon be cleared. As long as they exist in the database, I would like them to exist in a convenient state of encryption. Unfortunately, over the many years of development of web development, programming and database development, I have never had the opportunity to learn myself in the field of encryption.

Is there a relatively easy way to encrypt credit card numbers that I can implement quickly? A set of functions, a class, anything at all that will do its job and be done well? I take this opportunity to talk about myself on this subject, but because of the sensitivity to time, it takes more than just pushing in the right direction.

Language: PHP / Storage: MySQL

+3
source share
2 answers

One of the best ways is to simply use MySQL for encryption / decryption. See the following functions:

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

However, keep in mind that although this will protect you from people who might find a way to read your database, it will not protect against who owns the server. This is because the decryption key is present on the server.

Overall, this is a huge boost. True security comes from public key encryption and offline decryption using a secure private key (for example, on another server).

As an example:

INSERT INTO BillingInfo 
SET CCard = AES_ENCRYPT('4111...', 'super-secret-key')
...

and

SELECT 
AES_DECRYPT(CCard, 'super-secret-key') 
...

:
http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html#function_aes-encrypt

AES .:
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

PHP. , ( ).

+4

, ( , ), , webapp .

, , webapp, . , ( ) .

openssl_public_encrypt.

0

Source: https://habr.com/ru/post/1727447/

More articles:


All Articles